
Help with spyware/virus/trojan

I am not too sure of the right place to post my problem; please let me know if this is not the right forum for help.

I have a 5-year-old Toshiba Satellite 5100 laptop. One night I had the blue screen of death, and the hard drive died. No bootable can read the drive.

I bought a sega 80g drive and reinstalled XP Home from the recovery disk, but once I connected to the Internet, I got some virus/spyware/trojan that displays some popups. One is "Your computer is infected, windows has detected spareware infection which corrupted the registry.." and asks me to go to registrycleanerxp.com, which I believe is a spyware site.

I repeatedly formatted the drive and reinstalled XP Home a few times, but still could not get rid of those virus/spyware/trojan. Is my BIOS infected? Or somewhere?

I used the free online Trend Micro Housecall to scan the PC, and found the following virus/spyware/trojan:

Troj_xpack.GR
TROJ_AGENT.NID
WORM_SDBOT.AWG
WORM_NACHI.A

and the Housecall can not clean those virus/spyware/trojan (coz it's free??), so I tried to do a manual clean, but some registry keys cannot be deleted, especially the LEGACY_WLMSNGR under HKEY_LOCAL_MACHINE>CurrentControlSet>Enum>Root, and I cannot kill this service in the Task Manager process list (I end the process and it comes back right away).

First, I want to make sure my BIOS is fine; I hear some nasty stuff can get into the BIOS.

To SirDice:

The old CD comes with SP1, and I forgot to mention that I cannot get Windows Update. When I go to the Windows Update site, it just sits there, and sometimes gives me the RUNDLL and then everything freezes and I have to turn the power off. And the sound of the power-off is kind of weird.

To ech0:

How do you do "Use hijackthis to find the registry keys. Use killbox to delete on reboot."? Please give me some details.

So what I will do when I go home:

reformat, reinstall

turn firewall on and scan in safe mode

Also, I have an XP Pro copy, and it's strange that when I install from the Pro CD, it fails when copying Drivers.CAB, but it's OK when I launch in XP Home and do an upgrade.

and the Housecall can not clean those virus/spyware/trojan (coz it's free??)

Maybe because the file(s) are in use and can not be accessed?
Maybe the file(s) just can't be cleaned at all and need to be deleted?

I repeatedly formatted the drive and reinstalled XP Home a few times, but still could not get rid of those virus/spyware/trojan. Is my BIOS infected? Or somewhere?

If you think that is the case, what BIOS version are you running? Is it the latest for that machine?

While you are at Toshiba's site looking for the latest BIOS (using a known clean machine), you might also want to download any other applicable updates and burn them to a disk or USB.

When I have to rebuild a machine, or for that matter build a new machine, I get all the updated drivers, etc. before I begin the rebuild process. I save them to disk, virus check everything, then begin my rebuild and install all necessary upgrades before I make any physical connection to the Internet. (Even SP2 can be downloaded and put on disk.)

Then, as SirDice said, make sure the firewall is running, then run Windows Update before going anywhere else on the net.